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[57] ABSTRACT 

A computer program for validating and controlling process- 
ing of input data from electronic forms such as Hypertext 
Markup Language (HTML) forms. Data including the input 
data is received from a form submitted to a server, wherein 
the server includes a registry. The program uses information 
stored in the registry to determine whether the input data 
from the form is valid. 
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METHOD AND APPARATUS FOR FORMS The directory path and data validation information is 

DATA VALIDATION AND PROCESSING provided in HTML forms as "hidden fields." The hidden 

CONTROL fields are hidden when the form is viewed through the 

browser in a typical manner. Most Web browsers, however, 

FIELD OF THE INVENTION s aU 0W a user to view the source of the HTML file using a 

The present invention relates to the field of processing of "View Source" or other similar command. In prior 

electronic forms. More particularly, the present invention approaches, when viewing the HTML source, server direc- 

relates to a method and apparatus for validating and con- torv information and data validation and processing control 

trolling processing of input data from electronic forms. information can typically be viewed by the user Such 

10 information may expose aspects of the server that would 

BACKGROUND OF THE INVENTION ordinarily not be known to others, and may therefore, create 

With the growing use of the Internet in general, and more ^ ^necessary security risk. Additionally, where data vali- 

specifically, the World Wide Web ("the Web"), the use of datl0n and processing information is included in the HTML 

electronic forms that may be filled out by users via remote f ? rm > H ™ L , form desi S n can become cumbersome and 

client systems is also increasing. Electronic forms may be 15 hme-consuming. 

provided for many different purposes including gathering Another disadvantage associated with current CGI pro- 
survey information, ordering products, creating guest books, grams is that they often do not provide helpful error mes- 
and developing mailing lists. sages back to the computer system user if data entered into 

Many such forms are developed using Hypertext Markup a field fc incorrect or otherwise invalid. For example, if a 

Language (HTML) as it is versatile and easily learned. 20 field m a fonn is left blank where the field is required to be 

HTML forms available on the Web are typically viewed fiUed in > CGI programs may only inform the user that 

through a user interface referred to as a browser. Examples thcre * an error m the form without identifying the source 

of well-known browsers are Navigator™ from Netscape of me error. The user may then have to determine on her own 

Communications Corporation and Internet Explorer™ from what * wron g with me form > or tf y multiple times to correct 

Microsoft Corporation. 25 the form before identifying the problem. 

ffllBrflelgEo^sW e^ The limitations with respect to currently available CGI 

in tojfieM^ftamMT.M^ programs and other methods for validating and processing 

Ga tow,a^n tCTfa^^ form input data have in certain instances, led to potentially 

tvA^ lly^e [ t v elpp CGI is an open standard that delmes 30 increased server security risks, compromised forms process- 

h^WWs^rMjsusc external programs. The CGI programs m S efficiency, and caused user frustration, 

(or scripts, depending on the language in which they are cmA^Dvnc tuc Txnrcxm^T 

written) provide the output of an on-screen form to a data SUMMARY OF THE INVENTION 

processing program to be processed. CGI programs may A computer-implemented method for rafcdating^mp^ 

also provide for the output of the data processing program to 3S d at^gfr^^aTigeleGtjraniEBf flr.msiqfifjftftgHhp.ri The method 

be displayed to the client computer system from which the comprises a first step of receiving data including the input 

form was submitted. data from the form submitted to a server, t toseiKefeincju ^ 

The complexity of CGI programs can vary widely m^a«^fegistr^In a next step, it is deteramiedawhfithefethe 

depending on the language used to develop the program and m pjikdatazis^alidhU^ 

the validation and processing requirements of the form. 40 Other features and advantages of the present invention 

PERL is a popular language in which to write CGI scripts will be appreciated from the accompanying drawings and 

because it is easily learned and powerful. PERL, however, is from the detailed description that follows below, 
an interpreted language and is therefore inefficient. High 

level languages such as C/C++ may be used to develop CGI BRIEF DESCRIPTION OF THE DRAWINGS 

programs, but may require more development time and 45 xh e present invention is illustrated by way of example 

expertise. an( j not limitation in the figures of the accompanying 

One issue with current CGI program development is that drawings, in which like references indicate similar elements, 

the software developer must focus software development and in which: 

resources on data validation. CGI programs that process FIG. 1 shows a computer system that may be used to 

pnor HTML forms must typically include code to validate so implement the forms processing program of one embodi- 

the data entered into each of the fields of the form. Further, ment 

in many cases a different CGI program must be custom- no. 2 is a high-level block diagram of a client-server 

written for each HTML form that » to be processed. Such cnvironment ^1^^ me for 6 m data va i idation and 

coding may be time and resource intensive, especially m the - t , c . 

B C r * jr in r, processing control program of one embodiment, 

case or forms that provide for many different types of data 55 _ T _ - A . „ 

and/or in the case of forms for which the validation require- . FIG ' L 3A L shows an ex ^P le of a ^ book form as 

ments are complex. viewcd b ? the uscr throu S h a browscr * 

Another disadvantage associated with current CGI FIG. 3B shows the form of FIG. 3 A following a "View 

programs, regardless of the language in which they are j> ource " w™*^ iss *ed by the client user through the 

written, is that, in many cases, HTML designers are forced 60 Drowscr - 

to provide a server directory path as well as specific data ^G. 3C shows the form of FIG. 3A as it may look 

validation and processing information within the HTML following data input by a client user, 

form itself. The directory path is provided to indicate a FIG. 4 is a flow diagram showing the form input data 

location on the server at which a CGI program associated validation and processing control method of one embodi- 

with the HTML form is located. The data validation and 65 ment. 

processing information indicates how the data entered into FIG. 5 is an example of a registry structure that may be 

the form should be handled. used in one embodiment. 
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FIG. 6 is an example of an error log that may be used in The mass storage device 130 is coupled to the bus 105 for 

one embodiment. storing information and instructions for use by the processor 

FIG. 7 is an example of the error log of FIG. 6 as it may 110. A data storage medium 150 containing digital informa- 

look following validation of all fields of the form of FIG. 3C tion is configured to operate with the mass storage device 

and which may be sent as an error message. s 130 to allow the processor 110 access to the digital infor- 

DETAILED DESCRIPTION mation on the data storage medium 150 via the bus 105. The 

A .L-,-, ^ c ^ • ..j.- j naass storage device 130 may be a conventional hard disk 

A method and apparatus for performing validation and , . a i j • * j- j i 

controlling processing of input data from electronic forms £^£2^ d ™' com P ac re f d ^ ™™V 

such as Hjipertext Markup Language (HTML) forms is i™;™™) *™. or other magnetic or optical data storage 

described *-*>&v / 10 device for reading and writing information stored on the data 

jl . * j j j r ... storage medium 150, which may be a hard disk, a floppy 

An intended advantage of one or more embodiments ^ a CD . R0M> a etic u or other miga ^™ 

described below >s reduced development time and effort kal djUa e ffledium ^ data e medium m 

required for electronic forms input data validation and ^ capa ble of stormg sequences of instructions that cause the 

processing Ottier intended advantages of one or more J5 computer system i 00 to perform specific functions, 

embodiments described below may include flexible and _ . , . .... . 

robust data validation, processing and error reporting for , ,?° { ?™ s v ^ on "!? P^f^S c ° nt «>l P™f ™* 

many different electronic forms in many different 155 t ■ nd handler * 160 > f s "J™ as ° mer software modules 

environments, as well as a reduction in potential security s " ch f 8 m ,°P e "f * fy stem 16 *. and ? ™> m ^ * 

risks that may be posed by providing data validation and ln f ,M f d ° n me data stora f m u ed,um 150 and ^bsequenUy 

processing information within an electronic form. 20 loaded and executed within the computer system 100 

a mi i j -i j ■ j * *i li c using well-known techniques. Although the software mod- 

As will be described in more detail below, tor one , i fie i £A j * < ■ , 

... . . . ,. . \ ^ - ules 155, 160, 165, and 170 are shown as being stored on a 

embodiment, a sej&eiiMireludmt^^ . . , \ . %etx , , * . 

. . . ' ^ , 1 ■ ■ , f . ^rr_j. " , ;~ "r^ smgle data storage medium 150, each such module may be 

an^le^g)nic^form5s ubmitteaifcs vaaiclient. Theliorm^mavgbeii . , t . . . J 

Hran^gp^— ~*4? ^~^^. Jzr^==£. ^ j ♦ stored on a different data storage medium or m a memory, 

j ,i . . j r_£» 11 _j ~ r" — ~ — 7 ^ 25 such as the main memory 120. 

mp uteandamatas^^cssedstaim^ _ ' 

ov^g^^M^^|(«te^eb"), for example. £he. FIG * 2 illustrates an example of a client-server environ- 

da^oS^gjj^ ment and an overview of the software modules that operate 

v^^^^^^^^^^^S^i^^gtui Wlth ' and are used t0 ™plement the forms data validation 

reeistadg^^ , n and P roccssin g ^trol program of one embodiment. In this 

caoibelS example, a chent personal computer system (PC) 200 is 

comrol^thl^^d*^^ connected or capable of being connected to a server 205, 

t j , i**uj* ac r such a s, a Web server, over the Internet 210 or another 

In order to evaluate the data received from the form, . ' , ' , , . 

■ c M t - a *• -.1 / network such as a wide area network (WAN) or a local area 

information in one or more configuration registry keys (or , , n a*tx ™ / , " , 

K i x j tU • # i - J f i, t ? */i network (LAN). Both the chent PC 200 and the Web server 

subkeys) under the registry key indicated by the registry key « ..... 

. , ..i 7 - , ~ / . ,j . v ^ 7— 205 may be similar in configuration and operation to the 

identifier is accessed. Fcuiipa^ifi^i^sBtoreV'aluated^iferaei / 4 inn . 5 , " 

j • *u ^. < » 3 .»7i ( ; v ^ -,71- - computer system 100 described above with reference to 

data^-theaiadasW^ FIG 1 

fiedanilhej^neiorjmoTeie^^ 

ngssaro-TO^esp pntKnos^ Alon S ^ other ^ttwue, such as an operating system 

dyrllhncmpDlilCT all of the 40 ( not shown )> the clieilt pc 200 includes a browser program 

fields have been evaluated, if there are entries in the error 215 > a H YP ertext Transfer Protocol (HTTP) layer 220, and a 

log, a detailed and specific eireiwn^gefiiss provideo ^to^ Transmission Control Protocol/Internet Protocol (TCP/IP) 

usemdeiitii^mg«ta?sp^Mo-fi^ * aver 2 ^ 5 ; 

Ifeno^ Dy,alidnin pu n t^dateis^ one or more data ^f|^ w ^ r *P^^ 

processing programs, also referred to herein as "handlers/' 45 Niiv tgff&^ 

are invoked by the data validation and processing control Exfflorep 1 ^ 

program to process the input data, soJ^a|B*^ 

One embodiment is implemented through a set of soft- matiffiWvilS^ 

ware modules that may be executed on a computer system HTTP is an application-level communications protocol 

such as the computer system 100 shown in FIG. 1. In so used to access hypermedia documents, such as Web pages, 

general, such computer systems include a bus 105 for mat ma Y include hypertext links. HTTP has been primarily 

communicating information, a processor 110 including an used as the basic transport protocol for the Web. 

execution unit 115 coupled to the bus 105 for processing TCP/IP is a well-known set of transport protocols used to 

information, and a main memory 120 coupled to the pro- communicate over networks in general, and in particular, the 

cessor 110 for storing information and instructions for the 55 Internet. Transport protocols other than TCP/IP may also be 

processor 110. For example, the main memory 120 may used in other embodiments. 

store an application program 125 that is transferred to the The server 205 includes a TCP/IP layer 230 and an HTTP 

main memory 120 from another memory such as a mass protocol layer 235. Additionally, the server 205 includes an 

storage device 130 also coupled to the bus 105. HTTP server 240 that provides access to information such as 

The computer system 100 also includes a read-only 60 HTML forms 245 stored on the server and a Common 

memory (ROM) 135 coupled to the bus 105 for storing fixed Gateway Interface (CGI) layer 250. 

information and instructions for the processor 110, a display Fo r one embodiment, the forms data validation and pro- 

device 140 coupled to the bus 105 for displaying informa- c^sing^ntMT^ 

tion to the computer system user, and an input device 145 /the handlers 260 associated with HTML fbrm1 L ^6 i ^o : e 



and/or cursor control device 146 coupled to the bus 105 for 65 (processed, and the registry 270 including registry keys artd 
communicating information and command selections to the '^kteyg^? ^ 



processor 110. tibrFfj^fic^S^ 
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Web server 205 in one embodiment. A^gisliyihWiizgi^ browser 215 on the client PC 200 is used to locate the form 

p r%g^ -2^ 2^,a^^ 280 on the Web server 205 over the Internet 210 in a manner 

conr^ra ffl well-known to those of skill in the art. The browser 215 is 

dci^^ff^^^^^^' '"' n,r also used to display the form 280 to the client PC 200 user 

For one embodiment, the registry 270 is part of an 5 such that he or she may fill out the form 280 by entering 

operating system 278. For one embodiment, the registry 270 input data into its various fields. 

is a Windows NT® registry and the operating system 278 is FIG. 3A shows the form 280 as it may look when viewed 

a Windows NT operating system (Windows NT is a regis- by the client PC 200 user through the browser 215 of FIG. 

tered trademark of Microsoft Corporation). The registry in 2 in a typical viewing scenario (i.e. without viewing the 

Windows NT is provided to store system and software to HTML source code). The form 280 is a simple guest book 

configuration information such as user options for particular entry form. The form 280 of FIG. 3 A, however, is exemplary 

applications programs and start-up information. and many other types of forms and form configurations may 

In Wfflows NT, jfl Sgpffi'iag ^ be similarly processed in accordance with various embodi- 

database^toatr^ ments. 

stmgtere^ Windows NT along with the Windows NT file 15 The form 280 as shown in FIG. 3 A includes multiple 

is^tewfNTFS) enforces access control for registry files so fields 305, 310, 315 and 320. The first field 305 in this 

that it is more difficult for computer system users to inten- example requires the client PC 200 user to enter his or her 

tionally or unintentionally alter or delete registry informa- name. The second field 310 requests the user's age. The third 

tion on a running system. In this manner, it is more difficult field 315 requests the user's email address, and the fourth 

for a client system 200 user to access Web server 205 20 field 320 requests the user's date of birth. A submit button 

information that is stored in the registry 270 as compared to 325 is also provided. 

information that is stored in a standard file on the server 205. piG. 3B illustrates a portion of the form 280 as it might 

Jgg gEelp^^ look to the client PC 200 user following a "View Source" or 

organu&eji^^^ other similar command issued through the browser 215. 

a^nl&sul^ Where the browser 215 (FIG. 2) is a Netscape browser, for 

i^liKi^ example, the client PC 200 user may choose to view the 



matffeTKp gj^ source code of the form 280 at any time whUe viewing or 

registwMW. Both Windows NT and the Windows 9" 



r^ffijgffi Both Windows NT and the Windows 95 entering data into the form 280, although viewing the source 

registries are accessed using the Win32 application program- code is not a necessary or typical step taken while viewing 

ming interface (API) (not shown). 30 the form. 

In other embodiments, a different registry and/or operat- The source code of the form 280 is HTML source code in 

ing system, such as a Windows 95, Windows 95 follow-on this example, although other types of forms may be vali- 

or Windows NT follow-on operating system and associated dated and processed in accordanccw ith other embodim ents, 

registry, may be used in a similar manner. Other registries 35 Tb^pONngsWr^^ 3B 

that are accessed in a different manner, a stand-alone registry includes^^t^ivx^ 

not associated with an operating system, or another structure the ^Fflifii^^ 

providing access control may also be used in other embodi- identifies the location in the server registry 270 (FIG. 2) at 

ments - which processing and validation information specific to the 

With continuing reference to FIG. 2, for one embodiment, 4Q form 280 is located. If the server 205 (FIG. 2) hosts multiple 

the forms data validation and processing control program forms, a different key or subkey identifier may be indicated 

255 is a CGI executable written in C/C++ such that the in each different form. 

program 255 runs native on a variety of different platforms. The source code of the form 280 in accordance with one 
In this manner, the forms data validation and processing embodiment also includes an indicator name 355, "HTML- 
control program 255 operates efficiently in many different 45 DATA" in this case, that indicates to the forms validation 
environments, and processing program 255 (FIG, 2) that the form has 

The handlers 260 may include one or more different corresponding configuration information in the registry 270 

handlers for each of the HTML forms 245 that may be under or otherwise associated with the registry key indicated 

accessed by the client PC 200 or another software or by the registry key identifier 350 that follows, 

hardware client. Further, the handlers 260 may include a 50 As also shown in FIG. 3B, in the HTML source code, each 

different handler for each type of data to be processed such field in the form 280 is identified by a field variable name, 

that multiple handlers are used to process a single form, but For example, "DOB" is the field variable name 360 associ- 

may be re-used for multiple forms. a ted with the field in which the user is to enter her date of 

For one embodiment, the handlers 260 are implemented birth. The field variable name is used during input data 

as Windows dynamic link libraries (DLLs), but may be 55 validation and for providing meaningful error messages 

implemented in a different manner in other embodiments back to the client in one embodiment as described in more 

and where other operating systems are used. detail below. Other aspects of the source code of the form 

Both the client PC 200 and the Web server 205 computer 280 shown in FIG. 3B are not provided in detail as they are 

systems may include other software and/or hardware mod- not material to the method or apparatus of the embodiments 

ules and devices not shown in FIGS. 1 and 2 such as network 60 discussed herein. 

drivers and devices, and other applications software. Referring back to FIG. 3 A, once the client system 200 

The inter-operation of the various software modules user is viewing the desired form 280, she enters the required 

according to one emtodiment is described in more detail and/or requested information into the form 280. FIG. 3C 

with continuing reference to FIG. 2. For purposes of illustrates the form 280 of FIG. 3A with exemplary infor- 

illustration, it is assumed that a user chooses to access a 65 matron entered into its various fields, 

particular form 280 of a variety of forms 245 stored on the It is assumed for purposes of example, in order to illus- 

Web server 205 and served by the HTTP server 240. The trate the capabilities of the invention, that nothing is entered 
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in the "NAME" field 305, "-256" is entered in the age field 
310, "somebody*xyz.com" in the "EMAIL ADDRESS" 
field 315 and "1/31/96" in the "DATE OF BIRTH" field 320 
as shown in FIG. 3C. 

Following entry of data into the form 280, the form 280 
is submitted by the client PC 200 user by clicking on the 
submit button 325, for example. For one embodiment, 
submitting the form causes data 290 from the form including 
input data entered into the form to be transmitted from the 
client PC 200 to the server 205. Referring back to FIG. 2, the 
data 290 from the form 280 is transmitted through the HTTP 
220 and TCP/IP 225 layers, over the Internet or other 
network 210, and back to the Web server 205 for processing. 

The data 290 from the form 280 includes the first registry 
key identifier 350 following the FORM declaration as well 
as all of the pairs of field variable names and associated 
input data entered at the client PC 200. The field variable 
names and user-entered values are referred to together as 
name-value pairs. Further, input data corresponding to a 
particular field may be referred to herein as a data item or 
input data item to distinguish it from the collective input 
data. 

When the data 290 is received by the server 205, it is 
transmitted through the TCP/IP layer(s) 230, the HTTP 
protocol layer 235, the HTTP server 240 and the CGI layer 
250 to the form data validation and processing program 255. 
(J3§eI253g2t^ 
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validation and processing method of one 
embodiment is described in more detail with reference to 
FIG. 4 as well as to FIGS. 2, 3C, 5, 6 and 7 as needed. 
In FIG. 4, after jhe^atai2 j>gfe 

determi^s^whemercthe^data ,<,irirlude^ua Ast^egistiy rkey! 

id ^S^^^jtejPjB gram 255 - then Jn.ste.p ,41C^general^ 

error messaire^rs^ 

errorm ^ 

inforrfT the client PC 200 user that^thb^orrh^^nnot"*be 4| 
processed. 

In <foe:£ase-j >^^ -fora 
(RG:~3B)^s-i<ientified3^^ 

procesilng^ograrn~255, so m^t^~41S"(Fi(jr4), configu*-^ 
radon~subkey s-under"or"otherwise"associated"with"me"re ^ 
istry^kejFi^cated-b^ 
aa;essed,in_order^to' vah^atenrle^t^^0~from _the Torm. j 
Configuration information may be stored under the registry 
key identified by the registry key identifier 350 without 
using separate configuration subkeys. 

FIG. 5 illustrates an example of the registry 270 including 
a first registry key 520 indicated by the registry key identifier 
350 and configuration subkeys 500-502. For one 
embodiment, each registry key corresponding to an HTML 
forms file includes or is associated with three or more ; 
configy^tion~subkeys:~a~Validatto 

subkey SOl^afidlTHandlers subkey 502 as shown in FIG. 5 
under the registry key 520. A different number of configu- 
ration subkeys may be included in other embodiments. 

The Validation subkey 500 includes rules used to evaluate 
the input data submitted by the client PC 200 user. The 
Labels subkey 501 is used to resolve the HTML variable 
names to the names actually displayed on an HTML page in 
order to provide a meaningful error message back to the 
client PC 200 user as described below. The Handlers subkey 
502 defines how to process input data once validation has 
been successfully performed. 
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For one embodiment, the information in the Validation, 
Labels, and Handlers subkeys 500-502 is entered into the 
registry 270 by a software program 272 (FIG. 2) that 
provides support for a specific set of forms. The software 
program 272 may be in the form of a wizard, a program that 
automatically configures the registry keys and subkeys 
based on user responses to predetermined questions. In 
another embodiment, an HTML programmer or other person 
manually enters the information required to configure the 
registry keys and configuration subkeys. 

Referring back to FIG. 4, in step 420, the input data item 
corresponding to the first field of the form 280, field 305 
(FIG. 3C), is evaluated. The form data validation and 
processing control program 255 validates INPUT type fields 
in an HTML form in one embodiment. Input type fields may 
include input data such as text, passwords, checkbox, and/or 
radio button inputs, for example. 

The field validation requirements, as mentioned above, 
are specified in the Validation subkey. For one embodiment, 
an entry in the Validation subkey has the following format: 

<field variable name>:<REG DWORD>:<arg>, where 

<field variable name> is the name of the field variable as 
identified in the HTML source code, <REG_DWORD> is 
registry-specific and specifies the type of data being stored, 
and <arg> refers to an argument that further defines the type 
of input data that is to be considered valid as described 
below. 

For one embodiment, the argument is implemented as a 
code in the form of bit flags in order to indicate the type of 
data that is to be considered valid for a given field. For one 
embodiment, the <arg> field is implemented as follows: 
0x00000000 — No validation requirements 
0x00000001— Mandatory entry field; Data must be 

entered for form to be processed 
0x00000002 — Input can only be numeric, unsigned (>0) 
0x00000004 — Input can only be numeric, signed or 

unsigned (e.g. 1,-1, 55, -256) 
0x00000008 — Input can be any character except 0-9, and 

control codes (0x00-0x19) 
0x00000010 — Input can only be numeric, signed/ 

unsigned, with/without decimal pt. 
0x00000020 — Input can only be a date with the format: 

mo./day/year (e.g. 1/31/90) 
0x00000040 — Input can only be a date with the format: 

day/mo./year (e.g. 31/1/90) 
0x00000080 — Input can only be date with the format: 

month/year (e.g. 1/90) 
0x00000100 — Input can only be an email address (e.g. 

myname@myserver.com) 
0x00000200 — Input can only be a credit card number 
Other types of arguments may be included in other 
embodiments and arguments in addition to those above may 
be provided for different types of input data. 

For one embodiment that uses the arguments provided 
above, the "mandatory entry field" argument can be com- 
bined with any other argument. The mandatory entry field 
argument requires data to be entered into the corresponding 
field before the form 280 can be processed by the data 
validation and processing control program 255. In other 
words, a field that has a mandatory entry field argument 
associated with it is considered to include invalid data if left 
blank. 

Using this approach, any field that does not have a 
mandatory entry field argument associated with it can still be 
considered valid even if the user does not enter any infor- 
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mation into the field. Information that is entered into the 
field, however, may still have to meet specified requirements 
in order for the information to be considered valid. 

Using the arguments above, the Validation subkey entries 
for the form 280 of FIG. 3A are shown in FIG. 5. "User- 
Name" is the field variable name for the "NAME 
(REQUIRED)" field 305 that is a mandatory entry field 
allowing alphanumeric input as indicated by the argument 
530; "UserAge" is the field variable name for the "AGE" 
field 310 for which the input is valid if in the form of an 
unsigned integer or the field is left blank as indicated by the 
argument 535; "UserEmaiT is the field variable name for the 
"EMAIL ADDRESS" field 315 for which valid input is an 
email address or no entry as indicated by the argument 540; 
and "DOB" is the field variable name for the "DATE OF 
BIRTH" field 320 for which valid input is a date in the form 
of mm/dd/yy or no entry is made as indicated by the 
argument 545. 

In the case of data entered into an HTML form, a current 
version of the HTML specification states that fields without 
values assigned to them (i.e. the user left the field blank) 
may not be sent by the browser 215 to the server 205. For 
one embodiment, even if there are no validation require- 
ments associated with a particular field or the field input data 
is to be considered valid even if left blank, an entry in the 
Validation subkey is used such that a field identifier is 
provided to any handlers associated with the form even if the 
field is left blank. 

Referring now to FIGS. 3C and 5, the argument 530 for 
the field 305 is interpreted by the data validation and 
processing control program 255 to determine the particular 
validation routine within the program 255 to run to validate 
any data entered into the field 305. In the example provided 
in FIG. 3C, the user has not entered any data into the field 
305. In step 425 of FIG. 4, because the field 305 is a 
mandatory entry field as determined by the argument 530 
corresponding to the field 305 in the Validation subkey 500, 
the input data item corresponding to the field 305 is not 
valid. In step 430, an error message corresponding to the 
field 305 is dynamically built and logged into an error log. 

An example of an error log 600 following validation of 
the input data in the field 305 is shown in FIG. 6. The error 
log is dynamically built using information in the Labels and 
Validation subkeys 501 and 500 (FIG. 5) including the field 
variable name 550 (FIGS. 5 and 6) and the argument 530 
corresponding to the field 305 for which invalid input data 
was identified. The Labels subkey 501 indicates a corre- 
spondence between the field variable name for each field and 
the name of the field as seen when viewing the form. For 
example, the field variable name "DOB" 360 (FIGS. 3B and 
5) corresponds to "DATE OF BIRTH" as seen on the form 
280. "REG__SZ" in this embodiment is required by the 
registry to indicate the type of data associated with the 
corresponding registry key— in this case, a character string 
that is NULL terminated. 

Referring back to FIG. 4, in step 435, it is determined that 
there are more fields to evaluate and in step 437, the next 
field, the field 310 in this case, is evaluated. Similarly, based 
on the argument 535 provided for the field 310 (variable 
name User Age) under the Validation subkey in FIG. 5, the 
data is determined to be invalid and a corresponding error 
message is logged into the error log 600. The same process 
is repeated for the fields 315 and 320. 

In the case of the field 320, the data is validated and 
determined to be valid based on the specified argument 545 
for the "DOB" field under the Validation subkey 500. In this 
case, following step 325, the method proceeds directly to 
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step 435 without logging an error into the error log 600 (FIG. 
6). In step 435, it is determined that there are no additional 
fields to evaluate and in step 440 it is determined that there 
are errors logged in the error log 600 (FIG. 6). 

Once all the fields of the form 280 have been evaluated, 
in step 445, the data validation and processing control 
program 255 (FIG. 2) sends the dynamically built error log 
as an error message 600 to the client PC 200. The error 
message 600 is communicated to the client PC 200 from the 
server 205 through the CGI layer 250, the HTTP server, 340, 
the HTTP protocol and TCP/IP layers 335 and 330, and over 
the Internet 310. 

FIG. 7 illustrates an example of what the completed error 
log/error message 600 might look like for the data entered 
into the form 280 in FIG. 3C. As shown in FIG. 7, the error 
message 600 is detailed and specific providing instructions 
to the client PC 200 user regarding how to correct the errors 
for each of the fields for which invalid data was detected. 

For one embodiment, the error message 600 is an HTML 
document that can be viewed by the browser 215 on the 
client PC 300. The error message 600 is dynamically con- 
structed by the data validation and processing control pro- 
gram 255 in one embodiment using resource compiler (.RC) 
files in conjunction with a Resource Compiler product from 
Microsoft Corporation together with information stored in 
the Validation 500 and Labels 501 subkeys shown in FIG. 5. 
The .RC files in this embodiment provide the text used in the 
error message specific to each argument and can be indexed 
by the field variable name. For one embodiment, the par- 
ticular string extracted and entered into the error log to 
create the error message is controlled by the data validation 
and processing control program 255 in conjunction with 
Win32 libraries (not shown) available with the Windows NT 
operating system 278 (FIG. 2). Operating systems other than 
Windows and Window NT that provide similar capabilities 
may also be used for other embodiments. 

The text provided in response to each detected error can 
be customized to be as detailed and specific as desired. In 
this manner, the error message 600 can indicate to a user in 
an understandable manner, the specific field(s) for which 
invalid input data has been detected. Similarly, the data 
validation and processing control program 255 can be con- 
figured to provide error messages in languages other than 
English to facilitate locale-specific support without signifi- 
cant additional programming resource investment. 

After the error message 600 is sent, it is assumed for 
purposes of example that the form 280 is re-submitted from 
the client PC 200 with valid information entered into each of 
the fields 305, 310, 315 and 320 (FIG. 3A). The validation 
process described above with reference to FIG. 4 is repeated. 
In step 435, when all fields have been evaluated and in step 
440, no errors are entered into the error log/message 600 (i.e. 
all input data has been determined to be valid), then in step 
450, the form data validation and processing control pro- 
gram 255 loads and invokes any handlers associated with the 
form 280. The handlers) associated with the form 280 (if 
any) are indicated in the registry configuration subkeys 
under the Handlers subkey 502. 

sln^^^^ , ^^^r^^^e^a^c^a^^wl^h , ^ 
~~ — "'*ngcontrol-program^255 
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invokes and transfers control to handler2. If other handlers 
exist, the data validation and processing control program 
will load and transfer control to each handler successively. 

Handlers therefore act as "plug-in" modules that can be 
added to perform any variety of processing tasks simply by 
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entering the handler filename into the configuration subkeys 
under the Handlers subkey 502. In this manner, data pro- 
cessing support can be easily customized. Once processing 
is complete, any output firom the handlers may be sent back 
to the client PC 200 and the method ends at step 455. 

For one embodiment, the data validation and processing 
control program 255 uses the Win32 (a Windows or Win- 
dows NT application programming interface) function 
LoadLibrary( ) where the handlers are implemented as 
Windows DLLs. As each handler is invoked, the data 
validation and processing control program 255 also passes 
the input data received from the form 280 to each of the 
handlers. For one embodiment, the data is passed in the form 
of an array of pointers to null-terminated name/value pairs. 

In the foregoing specification, the invention has been 
described with reference to specific exemplary embodiments 
thereof. It will, however, be evident that various modifica- 
tions may be made without departing from the broader spirit 
and scope of the invention as set forth in the appended 
claims. The specification and drawings are, accordingly, to 
be regarded in an illustrative rather than a restrictive sense. 

What is claimed is: 

1. A computer- implemented method for validating input 
data, the method comprising: 

receiving data including input data from a form submitted 
from a first computer system to a second computer 
system, the form being stored on the second computer 
system and electively accessed via the first computer 
system, the second computer system including a reg- 
istry; and 

determining whether the input data is valid using infor- 
mation stored in the registry. 

2. The computer-implemented method of claim 1 further 
including determining whether the data from the electronic 
form includes a first registry key identifier and wherein 
determining whether the input data is valid is performed 
only if the data includes the first registry key identifier. 

3. The computer-implemented method of claim 1 wherein 
the information stored in the registry is stored in at least one 
configuration key associated with a first registry key iden- 
tified in the data. 

4. The computer-implemented method of claim 1 wherein 
the form includes fields for entering input data and the data 
received from the form includes input data corresponding to 
the fields, wherein determining whether the input data is 
valid includes: 

comparing input data corresponding to each field with a 
corresponding entry in the registry, 

if a first item of input data corresponding to a particular 
field is invalid, indicating an error in an error log, and 

repeating comparing and indicating until input data cor- 
responding to all fields of the form have been evalu- 
ated. 

5. The computer-implemented method of claim 4 further 
including: 

if an error has not been indicated in the error log after 
input data corresponding to all fields of the form have 
been evaluated, invoking a data processing program to 
process the input data, and 

if at least one error has been indicated in the error log after 
input data corresponding to all fields of the form have 
been evaluated, sending an error message to the first 
computer system. 

6. The computer-implemented method of claim 5 wherein 
the data processing program to be invoked is specified in the 
registry. 
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7. The computer-implemented method as set forth in 
claim 4 wherein indicating an error in an error log includes 
dynamically building an error message corresponding to the 
particular field using the information stored in the registry. 

8. The computer-implemented method of claim 1 wherein 
the electronic form is a Hypertext Markup Language 
(HTML) form accessed by a client over the Internet. 

9. An apparatus comprising: 

a registry in a first computer system to store a registry key 
corresponding to an electronic form to be stored in the 
first computer system; and 

a form data validation and processing control module in 
the first computer system to determine whether input 
data entered into the electronic form via a second 
computer system is valid using information stored in 
the registry, wherein the form is electively accessed by 
the second computer system. 

10. The apparatus of claim 9 wherein the form data 
validation and processing control module only determines 
whether the input: data is valid using information stored in 
the registry if data from the electronic form including the 
input data identifies the registry key. 

11. The apparatus of claim 9 wherein the information 
stored in the registry that is used to determine whether the 
input data is valid is stored in one or more configuration 
subkeys corresponding to the registry key. 

12. The apparatus of claim 9 wherein the registry specifies 
one or more data processing programs and wherein the form 
data validation and processing control module invokes one 
of the data processing programs if the input data is deter- 
mined to be valid. 

13. The apparatus of claim 9 wherein the electronic form 
includes one or more input fields and the input data includes 
one or more data items corresponding to the one or more 
input fields, and wherein the form data validation and 
processing control module is further to dynamically produce 
an error message to indicate each of the fields for which the 
corresponding data item is determined to be invalid using 
the information stored in the registry. 

14. The apparatus of claim 13 wherein the registry 
includes at least one configuration subkey to indicate a data 
processing program to be invoked if the input data is 
determined to be valid, and to store the information used to 
determine whether the input data is valid, the information 
including validation information corresponding to each 
field. 

15. The apparatus of claim 9 further including a wizard 
coupled to the registry, the wizard to respond to input 
information to configure the registry and store the informa- 
tion used to determine whether the input data is valid. 

16. A computer system comprising: 
a processor to process information; 
a registry; and 

a form data validation and processing program stored in 
a memory coupled to the processor, the form data 
validation and processing program to be executed by 
the processor to determine whether input data received 
from an electronic form from a remote computer sys- 
tem is valid using information stored in the registry, 
wherein the electronic form is stored in the computer 
system and electively accessed by the remote computer 
system. 

17. The computer system of claim 16 further including a 
network connection wherein data from the electronic form 
including the input data is received from a client system 
through the network connection. 
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18. The computer system of claim 16 wherein the registry 
includes a first registry key corresponding to the electronic 
form and wherein the form data validation and processing 
control program is further to determine whether data from 
the electronic form including the input data identifies the 5 
first registry key. 

19. The computer system of claim 16 wherein the form 
data validation and processing control program is further to 
dynamically build an error message using information stored 

in the registry if input data is invalid. 10 

20. The computer system of claim 19 wherein the error 
message specifies each field of the electronic form for which 
input data is determined to be invalid. 

21. The computer system of claim 16 further including a 
wizard coupled to the registry to control storage of the 15 
information in the registry used to determine whether the 
input data is valid. 

22. The computer system of claim 16 wherein the registry 
is part of an operating system. 

23. A machine readable medium having stored thereon 20 
data representing sequences of instructions, which, when 
executed by a first computer system, cause the first computer 
system to perform a process comprising: 

providing a second computer system elective access to an 
electronic form; and 



523 

14 

determining whether input data entered into the electronic 
form from the second computer system is valid using 
information stored in a registry on the first computer 
system, 

24. The machine readable medium of claim 23 further 
causing the first computer system to perform the process 
comprising: 

determining whether data from a particular electronic 
form can be validated by determining whether the data 
identifies a valid registry key in the registry. 

25. The machine readable medium of claim 23 further 
causing the first computer system to perform the process 
comprising: 

dynamically building an error message indicating each 
field of the electronic form for which input data was 
determined to be invalid using the information stored in 
the registry, 

sending the dynamically built error message to a client 
from which the input data was received if input data 
was determined to be invalid, and 

invoking a data processing program indicated in the 
registry if the input data was determined to be valid. 
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